Summary: | Calling `system("-some-tool")` fails (although it is a valid `sh` command) | ||
---|---|---|---|
Product: | glibc | Reporter: | Ciprian Dorin Craciun <ciprian.craciun> |
Component: | libc | Assignee: | Not yet assigned to anyone <unassigned> |
Status: | RESOLVED MOVED | ||
Severity: | normal | CC: | alx.manpages, drepper.fsp, fweimer |
Priority: | P2 | Flags: | fweimer:
security-
|
Version: | 2.32 | ||
Target Milestone: | --- | ||
Host: | Target: | ||
Build: | Last reconfirmed: |
Description
Ciprian Dorin Craciun
2021-01-03 17:30:07 UTC
Unfortunately, this bug is required by POSIX, which requires passing the string as an argument to the -c option of the shell. You could report this to the Austin Group as a defect in POSIX: <https://www.austingroupbugs.net/> > [...] this bug is required by POSIX [...]
OK, I might understand this, however I find it hard to believe that `glibc` can do nothing about this...
For example one could:
(A) Update the `system(3)` `glibc` man page to warn the user that at the moment there is a bug in the POSIX specification, and that any command starting with `-` would in fact trigger a failure of `sh`.
(B) Update the `system(3)` implementation so that when a command starts with `-` it prepends a space. This should have almost zero consequences because spaces are allowed (and trimmed) by virtually all existing `sh` interpreters out there.
POSIX specifies the exact value of the -c argument. The manual pages are maintained as a separate project: https://www.kernel.org/doc/man-pages/ > The manual pages are maintained as a separate project: > https://www.kernel.org/doc/man-pages/ OK, I've opened a feature request there: https://bugzilla.kernel.org/show_bug.cgi?id=211029 ---- Out of curiosity, was this "bug mandated by POSIX" known or? The Bash manual page does mention that of the "first non-option argument", but the Dash manual page doesn't (Debian has sh -> dash). However, I confirmed this also happens on systems with Dash. I've started the process of reporting the bug to the POSIX Austin Group, however as I don't have an account there and the procedure requires direct contact with the group's chair, it most likely will take some time... I'll report back when I have some news. OK, I've opened an issue on the POSIX bug tracker: https://www.austingroupbugs.net/view.php?id=1440 |